Chapter 4. page 147. Figure 4.27.
Step 5 says "real username." Should say... something else. Step 2 says the suplicant gives the authenticator a "bogus username." It doesn't say if that bogus username is passed on by the authenticator. The text just says the authenticator tells the AS that "a supplicant wants to be validated." Perhaps it depends on the PEAP type.